Data trustworthiness at the edge

Download as PPTX, PDF

•0 likes•198 views

1. Manuel Offenberg of Seagate discussed securing data at the edge using RISC-V and Keystone enclaves to protect data during creation and movement. 2. OpenTitan can provide another layer of trust by securing the root of trust. 3. Endpoint security is crucial for ensuring overall data integrity and trustworthiness when significant data is being generated at billions of sensors and IoT devices.

Technology

Information Classification: General
CONTRIBUTE.
COLLABORATE.
COMMERCIALIZE.
December 8-10 | Virtual Event

Information Classification: General
December 8-10 | Virtual Event
Data Trustworthiness at the Edge
Manuel Offenberg
Managing Technologist
Seagate
#RISCVSUMMIT

Information Classification: General
Edge Data Challenges
1
Significant growth in
data driven autonomous
decision-making 2
Billions of sensors, IoT
devices, and end-points to
generate data for machine
learning training and inference
3
Many of these endpoints
have weak or no security,
increasing risk of unauthorized
data manipulation

Information Classification: General
Trusted Endpoint
• Identity attestation
• Firmware and
run-time attestation
• Secure isolation of
critical functionality
• Origin attestation with
data fingerprinting
Assurance
• Immutable and
verifiable object
storage framework
• Fingerprints for
content and metadata
integrity and origin
Notarization
• Ledger to record
content manifest
identifiers
• Immutable relative
ordering of events
Mobilization
• Devices and
applications have
cryptographic
identities
• Only provisioned
member devices
within the domain
• Verifiable provenance
of data objects based
on crypto identity
Chain of Custody for Data

Information Classification: General
Concept Use Case
Cloud
Mobile Device
Edge Data Storage
Data
Manifest
Data offload/storage, manifest validation
Data manifest transfers
RISC-V with secure
enclave(s) as Root of Trust
Endpoint
Provisioning
Notary
Storage
MFA Device
Device identity provisioning

Information Classification: General
Building Blocks
• DJI Matrice 100
• HiFive Unleashed
• Keystone Enclave
• Yubico Yubikey
Endpoint Services
• Lightweight object storage
• Verified data transfers
• Device provisioning
• Data movement
• Secure data logging
Trusted Endpoint

Information Classification: General
Keystone: Open-Source Enclave
Framework for RISC-V
• Trusted run-time for applications
• Isolation of sensitive data & functionality
Enclaves and Root of Trust
D. Lee et al., “Keystone: An Open Framework for Architecting Trusted Execution Environments”
https://doi.org/10.1145/3342195.3387532

Information Classification: General
Enclaves and Root of Trust
Keystone: Open-Source Enclave
Framework for RISC-V
• Trusted run-time for applications
• Isolation of sensitive data & functionality
• Uses Cases:
• Device/endpoint attestation
• Secure endpoint services,
e.g., data fingerprinting, key management

Information Classification: General
Root of Trust
• Platform integrity
• Self and system, e.g., Keystone SM
• Secrets storage and crypto operations
• Cryptographic identity
• E.g., Trusted Computing Group’s DICE
(Device Identifier Composition Engine)
Enclaves and Root of Trust
Keystone: Open-Source Enclave
Framework for RISC-V
• Trusted run-time for applications
• Isolation of sensitive data & functionality
• Uses Cases:
• Device/endpoint attestation
• Secure endpoint services,
e.g., data fingerprinting, key management

Information Classification: General
OpenTitan is the first open source
project building a transparent,
high-quality reference design for
silicon root of trust (RoT) chips.
Firmware
Instruction Set
Architecture
SoC Architecture
Digital IP
(RTL)
Foundry IP
Protocols
Physical Design Kit
Chip Fabrication
Chip Packaging
PCB Interface
PCB Design
(Sch & Layout)
APIS
RTL
Verification
Analog IP
Firmware
Instruction Set
Architecture
SoC Architecture
Digital IP
(RTL)
Foundry IP
Protocols
Physical Design Kit
Chip Fabrication
Chip Packaging
PCB Interface
PCB Design
(Sch & Layout)
APIS
RTL
Verification
Analog IP
Traditional RoT OpenTitan
Software
Silicon
Integration
Proprietary Open

Information Classification: General
Root of Trust Prototype
Seagate evaluation platform for endpoint storage
• Trenz TE0841 - Xilinx Kintex UltraScale XCKU035
• USB 3.x host interface
Ported OpenTitan to TE0841
• Added peripheral proprietary IP blocks
• Added placeholder IP as needed
Firmware/software
• Secure boot and secure updates
• Device identity and attestation
• Advanced features, e.g., HSM
What’s next
• Maturation of OpenTitan
• Attestation protocol enhancements
• Integrated IP for custom SoCs

Information Classification: General
Summary
manuel.offenberg@seagate.com
1
2
3
RISC-V and Keystone Enclaves to secure
data during creation and movement
OpenTitan provides another layer of trust
Endpoint security is key to overall
data integrity and trustworthiness

Information Classification: General
December 8-10 | Virtual Event
Thank you for joining us.
Contribute to the RISC-V conversation on social!
#RISCVSUMMIT @risc_v

More Related Content

PPTX

RISC-V 30946 manuel_offenberg_v3_notesRISC-V International

PPTX

Ziptillion boosting RISC-V with an efficient and os transparent memory comp...RISC-V International

PPTX

Developing for polar fire socRISC-V International

PPTX

Security and functional safetyRISC-V International

PPTX

Porting tock to open titanRISC-V International

PDF

Tech talk with Antmicro - Building your world out of blocks with renode and l...RISC-V International

PPTX

RISC-V 30906 hex five multi_zone iot firmwareRISC-V International

PPTX

Open j9 jdk on RISC-VRISC-V International

RISC-V 30946 manuel_offenberg_v3_notesRISC-V International

Ziptillion boosting RISC-V with an efficient and os transparent memory comp...RISC-V International

Developing for polar fire socRISC-V International

Security and functional safetyRISC-V International

Porting tock to open titanRISC-V International

Tech talk with Antmicro - Building your world out of blocks with renode and l...RISC-V International

RISC-V 30906 hex five multi_zone iot firmwareRISC-V International

Open j9 jdk on RISC-VRISC-V International

What's hot (20)

PPTX

Data on the move a RISC-V opportunityRISC-V International

PPTX

Chips alliance omni xtend overviewRISC-V International

PPTX

Coco co-desing and co-verification of masked software implementations on cp usRISC-V International

PPTX

Gernot heiser unsw sydney and se l4 foundationRISC-V International

PPTX

RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V International

PPTX

RISC-V: The Open Era of ComputingRISC-V International

PPTX

Building an open control stack for quantum computers using RISC-V ecosystemsRISC-V International

PDF

Secure IoT Firmware for RISC-VRISC-V International

PPTX

Fueling the datasphere how RISC-V enables the storage ecosystemRISC-V International

PDF

Tech talk with Antmicro - Building an open source system verilog ecosystemRISC-V International

PPTX

RISC-V UnconstrainedRISC-V International

PPTX

Easily emulating full systems on amazon fpg asRISC-V International

PDF

Standardizing the tee with global platform and RISC-VRISC-V International

PPTX

RISC-V growth and successes in technology and industry - embedded world 2021RISC-V International

PDF

RISC-V Online TutorRISC-V International

PPTX

RISC-V IntroductionRISC-V International

PDF

Andes RISC-V vector extension demystified-tutorialRISC-V International

PDF

RISC-V Summit 2020: The Next Ten YearsRISC-V International

PPTX

Educating the computer architects of tomorrow's critical systems with RISC-VRISC-V International

PDF

Andes building a secure platform with the enhanced iopmpRISC-V International

Data on the move a RISC-V opportunityRISC-V International

Chips alliance omni xtend overviewRISC-V International

Coco co-desing and co-verification of masked software implementations on cp usRISC-V International

Gernot heiser unsw sydney and se l4 foundationRISC-V International

RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V International

RISC-V: The Open Era of ComputingRISC-V International

Building an open control stack for quantum computers using RISC-V ecosystemsRISC-V International

Secure IoT Firmware for RISC-VRISC-V International

Fueling the datasphere how RISC-V enables the storage ecosystemRISC-V International

Tech talk with Antmicro - Building an open source system verilog ecosystemRISC-V International

RISC-V UnconstrainedRISC-V International

Easily emulating full systems on amazon fpg asRISC-V International

Standardizing the tee with global platform and RISC-VRISC-V International

RISC-V growth and successes in technology and industry - embedded world 2021RISC-V International

RISC-V Online TutorRISC-V International

RISC-V IntroductionRISC-V International

Andes RISC-V vector extension demystified-tutorialRISC-V International

RISC-V Summit 2020: The Next Ten YearsRISC-V International

Educating the computer architects of tomorrow's critical systems with RISC-VRISC-V International

Andes building a secure platform with the enhanced iopmpRISC-V International

Similar to Data trustworthiness at the edge (20)

PDF

2017 02-17 rsac 2017 tech-f02Shawn Wells

PDF

Trusted computing for infrastructureEricsson

PDF

RISC-V-Day-Tokyo2018-suzakiKuniyasu Suzaki

PDF

Améliorer OpenStack avec les technologies IntelOdinot Stanislas

PDF

Secure IOT GatewayLF Events

PPTX

20141116_Roots of Trust IIC_Nist VersionMichael Mossbarger

PDF

TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...Alan Quayle

PDF

Introduction of Opentitan security modelChiawei Wang

PPTX

Open Source and the Internet of ThingsBlack Duck by Synopsys

PDF

OpenSC: eID interoperability through open source softwareMartin Paljak

PDF

An Internet of Things Reference Architecture Symantec

PPTX

Opening last bits of the infrastructureErwan Velu

PPTX

Data Tactics Open Source BriefDataTactics

PPTX

Luigi Roman - CybersecurityPointOfView-LR.pptxFIWARE

PPTX

BUTLER IoT - Luxemburg presentation 8 9-12JobT

PPTX

HiPEAC 2022_Marcelo Pasin presentationVEDLIoT Project

PDF

DDDP 2019 - Brown to GreenJohn Archer

PDF

Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdfPriyanka Aash

PPTX

Provable Device Cybersecurity in Blockchain TransactionsRivetz

PPTX

Open Source Insight: IoT, Medical Devices, Connected Cars All Vulnerable to ...Black Duck by Synopsys

2017 02-17 rsac 2017 tech-f02Shawn Wells

Trusted computing for infrastructureEricsson

RISC-V-Day-Tokyo2018-suzakiKuniyasu Suzaki

Améliorer OpenStack avec les technologies IntelOdinot Stanislas

Secure IOT GatewayLF Events

20141116_Roots of Trust IIC_Nist VersionMichael Mossbarger

TADSummit, DataArt Keynote: Security in Virtualized Telecom Networks Michael ...Alan Quayle

Introduction of Opentitan security modelChiawei Wang

Open Source and the Internet of ThingsBlack Duck by Synopsys

OpenSC: eID interoperability through open source softwareMartin Paljak

An Internet of Things Reference Architecture Symantec

Opening last bits of the infrastructureErwan Velu

Data Tactics Open Source BriefDataTactics

Luigi Roman - CybersecurityPointOfView-LR.pptxFIWARE

BUTLER IoT - Luxemburg presentation 8 9-12JobT

HiPEAC 2022_Marcelo Pasin presentationVEDLIoT Project

DDDP 2019 - Brown to GreenJohn Archer

Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdfPriyanka Aash

Provable Device Cybersecurity in Blockchain TransactionsRivetz

Open Source Insight: IoT, Medical Devices, Connected Cars All Vulnerable to ...Black Duck by Synopsys

More from RISC-V International (15)

PDF

WD RISC-V inliner work effortRISC-V International

PDF

RISC-V Zce ExtensionRISC-V International

PPTX

London Open Source Meetup for RISC-VRISC-V International

PPTX

Static partitioning virtualization on RISC-VRISC-V International

PDF

Semi dynamics high bandwidth vector capable RISC-V coresRISC-V International

PPTX

Reverse Engineering of Rocket ChipRISC-V International

PPTX

RISC-V NOEL-V - A new high performance RISC-V Processor FamilyRISC-V International

PDF

RISC-V 30908 patraRISC-V International

PPTX

RISC-V 30907 summit 2020 joint picocom_mentorRISC-V International

PDF

RISC-V software state of the unionRISC-V International

PDF

Ripes tracking computer architecture throught visual and interactive simula...RISC-V International

PDF

Open source manufacturable pdk for sky water 130nm process nodeRISC-V International

PPTX

Online test program generator for RISC-V processorsRISC-V International

PPTX

Klessydra t - designing vector coprocessors for multi-threaded edge-computing...RISC-V International

PPTX

Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...RISC-V International

WD RISC-V inliner work effortRISC-V International

RISC-V Zce ExtensionRISC-V International

London Open Source Meetup for RISC-VRISC-V International

Static partitioning virtualization on RISC-VRISC-V International

Semi dynamics high bandwidth vector capable RISC-V coresRISC-V International

Reverse Engineering of Rocket ChipRISC-V International

RISC-V NOEL-V - A new high performance RISC-V Processor FamilyRISC-V International

RISC-V 30908 patraRISC-V International

RISC-V 30907 summit 2020 joint picocom_mentorRISC-V International

RISC-V software state of the unionRISC-V International

Ripes tracking computer architecture throught visual and interactive simula...RISC-V International

Open source manufacturable pdk for sky water 130nm process nodeRISC-V International

Online test program generator for RISC-V processorsRISC-V International

Klessydra t - designing vector coprocessors for multi-threaded edge-computing...RISC-V International

Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...RISC-V International

Recently uploaded (20)

PDF

Brief History of Internet - Early Days of Internetsutharharshit158

PDF

SparkLabs Primer on Artificial Intelligence 2025SparkLabs Group

PDF

Economic Impact of Data Centres to the Malaysian Economyflintglobalapac

PPTX

The-Ethical-Hackers-Imperative-Safeguarding-the-Digital-Frontier.pptxsujalchauhan1305

PDF

How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdfStryv Solutions Pvt. Ltd.

PPTX

Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...AgileNetwork

PDF

AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdfArtjoker Software Development Company

PDF

MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdfNeo4j

PDF

Using Anchore and DefectDojo to Stand Up Your DevSecOps FunctionAnchore

PDF

Presentation about Hardware and Software in Computersnehamodhawadiya

PPTX

Applied-Statistics-Mastering-Data-Driven-Decisions.pptxparmaryashparmaryash

PDF

NewMind AI Weekly Chronicles - July'25 - Week IVNewMind AI

PDF

Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdfSandesh Rao

PPTX

What-is-the-World-Wide-Web -- Introductiontonifi9488

PPTX

OA presentation.pptx OA presentation.pptxpateldhruv002338

PDF

Security features in Dell, HP, and Lenovo PC systems: A research-based compar...Principled Technologies

PDF

Structs to JSON: How Go Powers REST APIsEmily Achieng

PDF

Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...Sandesh Rao

PDF

Software Development Methodologies in 2025KodekX

PPTX

Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...AgileNetwork

Brief History of Internet - Early Days of Internetsutharharshit158

SparkLabs Primer on Artificial Intelligence 2025SparkLabs Group

Economic Impact of Data Centres to the Malaysian Economyflintglobalapac

The-Ethical-Hackers-Imperative-Safeguarding-the-Digital-Frontier.pptxsujalchauhan1305

How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdfStryv Solutions Pvt. Ltd.

Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...AgileNetwork

AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdfArtjoker Software Development Company

MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdfNeo4j

Using Anchore and DefectDojo to Stand Up Your DevSecOps FunctionAnchore

Presentation about Hardware and Software in Computersnehamodhawadiya

Applied-Statistics-Mastering-Data-Driven-Decisions.pptxparmaryashparmaryash

NewMind AI Weekly Chronicles - July'25 - Week IVNewMind AI

Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdfSandesh Rao

What-is-the-World-Wide-Web -- Introductiontonifi9488

OA presentation.pptx OA presentation.pptxpateldhruv002338

Security features in Dell, HP, and Lenovo PC systems: A research-based compar...Principled Technologies

Structs to JSON: How Go Powers REST APIsEmily Achieng

Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...Sandesh Rao

Software Development Methodologies in 2025KodekX

Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...AgileNetwork

Data trustworthiness at the edge

1. Information Classification: General CONTRIBUTE. COLLABORATE. COMMERCIALIZE. December 8-10 | Virtual Event

2. Information Classification: General December 8-10 | Virtual Event Data Trustworthiness at the Edge Manuel Offenberg Managing Technologist Seagate #RISCVSUMMIT

3. Information Classification: General Edge Data Challenges 1 Significant growth in data driven autonomous decision-making 2 Billions of sensors, IoT devices, and end-points to generate data for machine learning training and inference 3 Many of these endpoints have weak or no security, increasing risk of unauthorized data manipulation

4. Information Classification: General Trusted Endpoint • Identity attestation • Firmware and run-time attestation • Secure isolation of critical functionality • Origin attestation with data fingerprinting Assurance • Immutable and verifiable object storage framework • Fingerprints for content and metadata integrity and origin Notarization • Ledger to record content manifest identifiers • Immutable relative ordering of events Mobilization • Devices and applications have cryptographic identities • Only provisioned member devices within the domain • Verifiable provenance of data objects based on crypto identity Chain of Custody for Data

5. Information Classification: General Concept Use Case Cloud Mobile Device Edge Data Storage Data Manifest Data offload/storage, manifest validation Data manifest transfers RISC-V with secure enclave(s) as Root of Trust Endpoint Provisioning Notary Storage MFA Device Device identity provisioning

6. Information Classification: General Building Blocks • DJI Matrice 100 • HiFive Unleashed • Keystone Enclave • Yubico Yubikey Endpoint Services • Lightweight object storage • Verified data transfers • Device provisioning • Data movement • Secure data logging Trusted Endpoint

7. Information Classification: General Keystone: Open-Source Enclave Framework for RISC-V • Trusted run-time for applications • Isolation of sensitive data & functionality Enclaves and Root of Trust D. Lee et al., “Keystone: An Open Framework for Architecting Trusted Execution Environments” https://doi.org/10.1145/3342195.3387532

8. Information Classification: General Enclaves and Root of Trust Keystone: Open-Source Enclave Framework for RISC-V • Trusted run-time for applications • Isolation of sensitive data & functionality • Uses Cases: • Device/endpoint attestation • Secure endpoint services, e.g., data fingerprinting, key management

9. Information Classification: General Root of Trust • Platform integrity • Self and system, e.g., Keystone SM • Secrets storage and crypto operations • Cryptographic identity • E.g., Trusted Computing Group’s DICE (Device Identifier Composition Engine) Enclaves and Root of Trust Keystone: Open-Source Enclave Framework for RISC-V • Trusted run-time for applications • Isolation of sensitive data & functionality • Uses Cases: • Device/endpoint attestation • Secure endpoint services, e.g., data fingerprinting, key management

10. Information Classification: General OpenTitan is the first open source project building a transparent, high-quality reference design for silicon root of trust (RoT) chips. Firmware Instruction Set Architecture SoC Architecture Digital IP (RTL) Foundry IP Protocols Physical Design Kit Chip Fabrication Chip Packaging PCB Interface PCB Design (Sch & Layout) APIS RTL Verification Analog IP Firmware Instruction Set Architecture SoC Architecture Digital IP (RTL) Foundry IP Protocols Physical Design Kit Chip Fabrication Chip Packaging PCB Interface PCB Design (Sch & Layout) APIS RTL Verification Analog IP Traditional RoT OpenTitan Software Silicon Integration Proprietary Open

11. Information Classification: General Root of Trust Prototype Seagate evaluation platform for endpoint storage • Trenz TE0841 - Xilinx Kintex UltraScale XCKU035 • USB 3.x host interface Ported OpenTitan to TE0841 • Added peripheral proprietary IP blocks • Added placeholder IP as needed Firmware/software • Secure boot and secure updates • Device identity and attestation • Advanced features, e.g., HSM What’s next • Maturation of OpenTitan • Attestation protocol enhancements • Integrated IP for custom SoCs

12. Information Classification: General Summary [email protected] 1 2 3 RISC-V and Keystone Enclaves to secure data during creation and movement OpenTitan provides another layer of trust Endpoint security is key to overall data integrity and trustworthiness

13. Information Classification: General December 8-10 | Virtual Event Thank you for joining us. Contribute to the RISC-V conversation on social! #RISCVSUMMIT @risc_v